feat: add tests for revoke and enable access

server/test/enable_access_test.go

@@ -0,0 +1,57 @@
+package test
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/crypto"
+	"github.com/authorizerdev/authorizer/server/db"
+	"github.com/authorizerdev/authorizer/server/envstore"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/resolvers"
+	"github.com/stretchr/testify/assert"
+)
+
+func enableAccessTest(t *testing.T, s TestSetup) {
+	t.Helper()
+	t.Run(`should revoke access`, func(t *testing.T) {
+		req, ctx := createContext(s)
+		email := "revoke_access." + s.TestInfo.Email
+		_, err := resolvers.MagicLinkLoginResolver(ctx, model.MagicLinkLoginInput{
+			Email: email,
+		})
+		assert.NoError(t, err)
+		verificationRequest, err := db.Provider.GetVerificationRequestByEmail(email, constants.VerificationTypeMagicLinkLogin)
+		verifyRes, err := resolvers.VerifyEmailResolver(ctx, model.VerifyEmailInput{
+			Token: verificationRequest.Token,
+		})
+		assert.NoError(t, err)
+		assert.NotNil(t, verifyRes.AccessToken)
+
+		h, err := crypto.EncryptPassword(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret))
+		assert.Nil(t, err)
+		req.Header.Set("Cookie", fmt.Sprintf("%s=%s", envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminCookieName), h))
+
+		res, err := resolvers.RevokeAccessResolver(ctx, model.UpdateAccessInput{
+			UserID: verifyRes.User.ID,
+		})
+		assert.NoError(t, err)
+		assert.NotEmpty(t, res.Message)
+
+		res, err = resolvers.EnableAccessResolver(ctx, model.UpdateAccessInput{
+			UserID: verifyRes.User.ID,
+		})
+		assert.NoError(t, err)
+		assert.NotEmpty(t, res.Message)
+
+		// it should allow login with revoked access
+		res, err = resolvers.MagicLinkLoginResolver(ctx, model.MagicLinkLoginInput{
+			Email: email,
+		})
+		assert.Nil(t, err)
+		assert.NotEmpty(t, res.Message)
+
+		cleanData(email)
+	})
+}

server/test/resolvers_test.go

@@ -48,6 +48,8 @@ func TestResolvers(t *testing.T) {
 			adminSessionTests(t, s)
 			updateEnvTests(t, s)
 			envTests(t, s)
+			revokeAccessTest(t, s)
+			enableAccessTest(t, s)
 			generateJWTkeyTest(t, s)
 
 			// user tests

server/test/revoke_access_test.go

@@ -0,0 +1,54 @@
+package test
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/crypto"
+	"github.com/authorizerdev/authorizer/server/db"
+	"github.com/authorizerdev/authorizer/server/envstore"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/resolvers"
+	"github.com/stretchr/testify/assert"
+)
+
+func revokeAccessTest(t *testing.T, s TestSetup) {
+	t.Helper()
+	t.Run(`should revoke access`, func(t *testing.T) {
+		req, ctx := createContext(s)
+		email := "revoke_access." + s.TestInfo.Email
+		_, err := resolvers.MagicLinkLoginResolver(ctx, model.MagicLinkLoginInput{
+			Email: email,
+		})
+		assert.NoError(t, err)
+		verificationRequest, err := db.Provider.GetVerificationRequestByEmail(email, constants.VerificationTypeMagicLinkLogin)
+		verifyRes, err := resolvers.VerifyEmailResolver(ctx, model.VerifyEmailInput{
+			Token: verificationRequest.Token,
+		})
+		assert.NoError(t, err)
+		assert.NotNil(t, verifyRes.AccessToken)
+
+		res, err := resolvers.RevokeAccessResolver(ctx, model.UpdateAccessInput{
+			UserID: verifyRes.User.ID,
+		})
+		assert.Error(t, err)
+
+		h, err := crypto.EncryptPassword(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret))
+		assert.Nil(t, err)
+		req.Header.Set("Cookie", fmt.Sprintf("%s=%s", envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminCookieName), h))
+
+		res, err = resolvers.RevokeAccessResolver(ctx, model.UpdateAccessInput{
+			UserID: verifyRes.User.ID,
+		})
+		assert.NoError(t, err)
+		assert.NotEmpty(t, res.Message)
+
+		// it should not allow login with revoked access
+		_, err = resolvers.MagicLinkLoginResolver(ctx, model.MagicLinkLoginInput{
+			Email: email,
+		})
+		assert.Error(t, err)
+		cleanData(email)
+	})
+}